info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Permissions model implementation and WebAPIs
85 views
Skip to first unread message
Lucas Adamski
Jul 31, 2012, 3:29:22 AM7/31/12
to dev...@lists.mozilla.org
Much of the core permissions management has landed or is en-route, namely the updated nsIPermissionManager (https://bugzilla.mozilla.org/show_bug.cgi?id=769583, https://developer-new.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIPermissionManager).
Work to populate the permissions from the manifest (https://bugzilla.mozilla.org/show_bug.cgi?id=758269) and to connect them to UI permission events (https://bugzilla.mozilla.org/show_bug.cgi?id=773114) is underway.
The largest remaining chunk of work is to ensure each API is calling into nsIPermissionManager instead of using the whitelists. This work is being tracked here: https://bugzilla.mozilla.org/show_bug.cgi?id=774716
If you are a WebAPI owner, its important that you ensure your API implements the correct permission checks. A good place to start is by adding a bug to the existing tracking bug (774716 above). How do you figure out what permission checks you should have? Great question! You should start by looking at the WebAPI page (https://wiki.mozilla.org/WebAPI#APIs) and finding the corresponding link to the "Security Design Complete" for your API. That should describe the correct behavior for your API for each application type. That includes broad permissions per app-type (i.e. denied, implicit, explicit) but also may recommend or require specific mitigations that can only be implemented within your API.
If you have questions or concerns about the behavior as spec'ed, please feel free to bring it up (ideally in the corresponding original API Security Discussion on dev-webapps or in the bug that you file). Thanks!
Lucas.
Work to populate the permissions from the manifest (https://bugzilla.mozilla.org/show_bug.cgi?id=758269) and to connect them to UI permission events (https://bugzilla.mozilla.org/show_bug.cgi?id=773114) is underway.
The largest remaining chunk of work is to ensure each API is calling into nsIPermissionManager instead of using the whitelists. This work is being tracked here: https://bugzilla.mozilla.org/show_bug.cgi?id=774716
If you are a WebAPI owner, its important that you ensure your API implements the correct permission checks. A good place to start is by adding a bug to the existing tracking bug (774716 above). How do you figure out what permission checks you should have? Great question! You should start by looking at the WebAPI page (https://wiki.mozilla.org/WebAPI#APIs) and finding the corresponding link to the "Security Design Complete" for your API. That should describe the correct behavior for your API for each application type. That includes broad permissions per app-type (i.e. denied, implicit, explicit) but also may recommend or require specific mitigations that can only be implemented within your API.
If you have questions or concerns about the behavior as spec'ed, please feel free to bring it up (ideally in the corresponding original API Security Discussion on dev-webapps or in the bug that you file). Thanks!
Lucas.
Gregor Wagner
Aug 1, 2012, 2:51:57 PM8/1/12
to mozilla...@googlegroups.com, dev...@lists.mozilla.org
Removing the whitelist approach from gecko also means that we have to change the permission code in gaia. We will rely on the permission information provided in the .webapp files for apps and remove the "all apps get all permission" code.
If the right permissions are not set for an application, it might not work as expected. Keep this in mind if a WebAPI stops working.
We will have an overlap where we create whitelists for permission and populate the permissionDB but it is important that everybody updates their gecko and gaia trees regularly.
For WebAPI owners I suggest to add the right permissions to the .webapp files in gaia first and then change the whitelist check to nsIPermissionManager in gecko.
If the right permissions are not set for an application, it might not work as expected. Keep this in mind if a WebAPI stops working.
We will have an overlap where we create whitelists for permission and populate the permissionDB but it is important that everybody updates their gecko and gaia trees regularly.
For WebAPI owners I suggest to add the right permissions to the .webapp files in gaia first and then change the whitelist check to nsIPermissionManager in gecko.
Gregor Wagner
Aug 1, 2012, 2:51:57 PM8/1/12
to mozilla...@lists.mozilla.org, dev...@lists.mozilla.org
Josh Carpenter
Aug 1, 2012, 3:17:28 PM8/1/12
to Gregor Wagner, dev...@lists.mozilla.org, mozilla...@googlegroups.com
> If the right permissions are not set for an application, it might not work as expected. Keep this in mind if a WebAPI stops working.
Here's an old question, probably already answered somewhere:
Can apps detect when:
….they have been denied a permission?
…the user has not made a decision yet?
--
Josh Carpenter
UX Designer, B2G
Mozilla Corporation
> dev-b2g mailing list
> dev...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
Jonas Sicking
Aug 2, 2012, 10:57:53 AM8/2/12
to Josh Carpenter, dev...@lists.mozilla.org, Gregor Wagner
On Wed, Aug 1, 2012 at 12:17 PM, Josh Carpenter <jcarp...@mozilla.com> wrote:
>> If the right permissions are not set for an application, it might not work as expected. Keep this in mind if a WebAPI stops working.
>
>
> Here's an old question, probably already answered somewhere:
>
> Can apps detect when:
> ….they have been denied a permission?
Yes, generally they will get an error event with an error saying
>> If the right permissions are not set for an application, it might not work as expected. Keep this in mind if a WebAPI stops working.
>
>
> Here's an old question, probably already answered somewhere:
>
> Can apps detect when:
> ….they have been denied a permission?
"permission denied".
> …the user has not made a decision yet?
/ Jonas
0 new messages